Kerio Control suffers from a SQL Injection Vulnerability which can lead to gain users
sensitive informations like passwords , to use this vulnerability attacker need a
valid client username and password .

Vulnerability Disclosure Timeline:
==================================
May 30 2014 - Disclosure
May 31 2014 - Received a CVE ID
May 31 2014 - Initial Report to Kerio Security Team
June 3 2014 - Support team replied fix is planned to be included in a future release
June 30 2014 - Patched
July 1 2014 - Publication